基于并行特征选择和分类的网络入侵检测方法
|
摘要
针对存在大量访问时的网络入侵检测问题,提出一种在MapReduce框架下实现的并行网络入侵检测方法。构建一种并行化的量子粒子群优化(QPSO)算法,对原始数据集中的大量特征进行选择,降低特征维度;实现一种并行化的朴素贝叶斯(NB)分类器,以网络访问特征作为输入来检测入侵。在KDDCup99数据集上的实验结果表明,该特征选择方法能够选择出最优特征子集,有效提高了入侵检测的准确性,特征选择和分类器的并行化缩短了检测时间。
To solve the problem of network intrusion detection when there is a large number of accesses,aparallel network intrusion detection method based on MapReduce was proposed.A parallel quantum particle swarm optimization(QPSO)algorithm was constructed to reduce the feature dimension by selecting feature subset from the original data set.A parallel naive Bayesian(NB)classifier was implemented in which network access features were taken as input to detect intrusions.Experimental results on KDDCup99 dataset show that the proposed feature selection method can select the optimal feature subset and improve the accuracy of intrusion detection effectively.The parallelization of feature selection and classifier greatly reduces the detection time.
To solve the problem of network intrusion detection when there is a large number of accesses,aparallel network intrusion detection method based on MapReduce was proposed.A parallel quantum particle swarm optimization(QPSO)algorithm was constructed to reduce the feature dimension by selecting feature subset from the original data set.A parallel naive Bayesian(NB)classifier was implemented in which network access features were taken as input to detect intrusions.Experimental results on KDDCup99 dataset show that the proposed feature selection method can select the optimal feature subset and improve the accuracy of intrusion detection effectively.The parallelization of feature selection and classifier greatly reduces the detection time.
引文
[1]TIAN Zhihong,WANG Bailing,ZHANG Weizhe,et al.Network intrusion detection model based on context verification[J].Journal of Computer Research and Development,2013,50(3):498-508(in Chinese).[田志宏,王佰玲,张伟哲,等.基于上下文验证的网络入侵检测模型[J].计算机研究与发展,2013,50(3):498-508.]
[2]LI Jia.Network intrusion detection based on AFSA-KNN selecting features[J].Computer Engineering and Design,2014,35(8):2675-2679(in Chinese).[李佳.基于AFSA-KNN选择特征的网络入侵检测[J].计算机工程与设计,2014,35(8):2675-2679.]
[3]Alsharafat W S.Applying artificial neural network and extended classifier system for network intrusion detection(ANNXCS-NID)[J].International Arab Journal of Information Technology,2013,10(10):230-238.
[4]Zhang F,Wang D.An effective feature selection approach for network intrusion detection[C]//IEEE Eighth International Conference on Networking,Architecture and Storage.IEEE,2013:307-311.
[5]DAI Yuanfei,CHEN Xing,CHEN Hong,et al.Feature selection based approach to network intrusion detection[J].Application Research of Computers,2017,34(8):2429-2433(in Chinese).[戴远飞,陈星,陈宏,等.基于特征选择的网络入侵检测方法[J].计算机应用研究,2017,34(8):2429-2433.]
[6]Ambusaidi M A,He X,Nanda P,et al.Building an intrusion detection system using a filter-based feature selection algorithm[J].IEEE Transactions on Computers,2016,65(10):2986-2998.
[7]LIU Yun,XIANG Chan,WANG Haihua.Optimization of feature selection based on mutual information in intrusion detection[J].Journal of Northwest University(Natural Science Edition),2017,47(5):666-673(in Chinese).[刘云,向婵,王海花.基于互信息的特征选择在入侵检测中的优化[J].西北大学学报:自然科学版,2017,47(5):666-673.]
[8]Han X,Xu L,Ren M,et al.A naive bayesian network intrusion detection algorithm based on principal component analysis[C]//International Conference on Information Technology in Medicine and Education.IEEE,2016:325-328.
[9]Xiang C,Xiao Y,Qu P,et al.Network intrusion detection based on PSO-SVM[J].Telkomnika Indonesian Journal of Electrical Engineering,2014,12(2):131-138.
[10]Zhang X,Wu Y,Zhao C.MrHeter:Improving MapReduce performance in heterogeneous environments[J].Cluster Computing,2016,19(4):1-11.
[11]ZHANG Mingmin,ZHANG Gongxuan,ZHOU Xiumin.Parallel implementing loglikelihood similarity algorithm based on MapReduce programming model[J].Computer Engineering and Design,2015,36(5):1233-1238(in Chinese).[张明敏,张功萱,周秀敏.对数似然相似度算法的MapReduce并行化实现[J].计算机工程与设计,2015,36(5):1233-1238.]
[12]Xing H,Xu L,Qu R,et al.A quantum inspired evolutionary algorithm for dynamic multicast routing with network coding[C]//International Symposium on Communications and Information Technologies.IEEE,2016:186-190.
[13]Liu Y,Ma R.Network anomaly detection based on BQPSO-BN algorithm[J].Iete Journal of Research,2013,59(4):334-342.
[14]CHEN Hanwu,ZHU Jianfeng,RUAN Yue,et al.Quantum particle swarm optimization algorithm with crossover operator[J].Journal of Southeast University(Natural Science Edition),2016,46(1):23-29(in Chinese).[陈汉武,朱建锋,阮越,等.带交叉算子的量子粒子群优化算法[J].东南大学学报(自然科学版),2016,46(1):23-29.]
[15]Wang H,Chen H,Yang S.A hybrid intrusion detection technology based on weighted Naive Bayesian algorithm[J].Journal of Computational Information Systems,2015,11(6):2017-2025.
[2]LI Jia.Network intrusion detection based on AFSA-KNN selecting features[J].Computer Engineering and Design,2014,35(8):2675-2679(in Chinese).[李佳.基于AFSA-KNN选择特征的网络入侵检测[J].计算机工程与设计,2014,35(8):2675-2679.]
[3]Alsharafat W S.Applying artificial neural network and extended classifier system for network intrusion detection(ANNXCS-NID)[J].International Arab Journal of Information Technology,2013,10(10):230-238.
[4]Zhang F,Wang D.An effective feature selection approach for network intrusion detection[C]//IEEE Eighth International Conference on Networking,Architecture and Storage.IEEE,2013:307-311.
[5]DAI Yuanfei,CHEN Xing,CHEN Hong,et al.Feature selection based approach to network intrusion detection[J].Application Research of Computers,2017,34(8):2429-2433(in Chinese).[戴远飞,陈星,陈宏,等.基于特征选择的网络入侵检测方法[J].计算机应用研究,2017,34(8):2429-2433.]
[6]Ambusaidi M A,He X,Nanda P,et al.Building an intrusion detection system using a filter-based feature selection algorithm[J].IEEE Transactions on Computers,2016,65(10):2986-2998.
[7]LIU Yun,XIANG Chan,WANG Haihua.Optimization of feature selection based on mutual information in intrusion detection[J].Journal of Northwest University(Natural Science Edition),2017,47(5):666-673(in Chinese).[刘云,向婵,王海花.基于互信息的特征选择在入侵检测中的优化[J].西北大学学报:自然科学版,2017,47(5):666-673.]
[8]Han X,Xu L,Ren M,et al.A naive bayesian network intrusion detection algorithm based on principal component analysis[C]//International Conference on Information Technology in Medicine and Education.IEEE,2016:325-328.
[9]Xiang C,Xiao Y,Qu P,et al.Network intrusion detection based on PSO-SVM[J].Telkomnika Indonesian Journal of Electrical Engineering,2014,12(2):131-138.
[10]Zhang X,Wu Y,Zhao C.MrHeter:Improving MapReduce performance in heterogeneous environments[J].Cluster Computing,2016,19(4):1-11.
[11]ZHANG Mingmin,ZHANG Gongxuan,ZHOU Xiumin.Parallel implementing loglikelihood similarity algorithm based on MapReduce programming model[J].Computer Engineering and Design,2015,36(5):1233-1238(in Chinese).[张明敏,张功萱,周秀敏.对数似然相似度算法的MapReduce并行化实现[J].计算机工程与设计,2015,36(5):1233-1238.]
[12]Xing H,Xu L,Qu R,et al.A quantum inspired evolutionary algorithm for dynamic multicast routing with network coding[C]//International Symposium on Communications and Information Technologies.IEEE,2016:186-190.
[13]Liu Y,Ma R.Network anomaly detection based on BQPSO-BN algorithm[J].Iete Journal of Research,2013,59(4):334-342.
[14]CHEN Hanwu,ZHU Jianfeng,RUAN Yue,et al.Quantum particle swarm optimization algorithm with crossover operator[J].Journal of Southeast University(Natural Science Edition),2016,46(1):23-29(in Chinese).[陈汉武,朱建锋,阮越,等.带交叉算子的量子粒子群优化算法[J].东南大学学报(自然科学版),2016,46(1):23-29.]
[15]Wang H,Chen H,Yang S.A hybrid intrusion detection technology based on weighted Naive Bayesian algorithm[J].Journal of Computational Information Systems,2015,11(6):2017-2025.